cyber security

WannaCry hasn’t hurt India's government, but there have been dangerous, unreported attacks before

Bring a cyber security law and amend the Information Technology Act to criminalise malicious online attacks, urge experts.

Computer systems of at least 18 Andhra Pradesh police units are among the hundreds in India compromised by the WannaCry ransomware attack, which began on May 12 and is estimated to have affected more than 200,000 computers across 150 countries so far.

Ransomware is a type of malicious software designed to block access to computer systems until a sum of money is paid. The malware is usually sent through email and blocks access by encrypting the targeted system’s data. The ransom is demanded to be paid in the virtual currency Bitcoin, which the Reserve Bank of India does not recognise as an authorised mode of exchange.

In India, ransomware attacks have become rampant since 2015, cyber security experts said, finding victims in a wide range of industries, from pharmaceuticals to hospitality and banking to information technology.

The latest global attack infected computers at private enterprises in Mumbai, Hyderabad, Bangalore and other cities. The Andhra Pradesh police was the first government agency to report being affected. Now, it has emerged that the Gujarat State Wide Area Network and customer care centres of the West Bengal Electricity Distribution Company Limited, a public sector undertaking, were affected as well.

For government agencies in India, though, WannaCry is not the first ransomware experience. At least two such attacks have been reported in the past one year.

State of vulnerability

In January 2017, three servers in the Delhi office of the Quality Council of India, an accreditation body set up jointly by the central government and the Indian industry associations, were attacked by Cerber ransomware. It took cyber security experts over 36 hours to unblock the system through decryption applications. No ransom had to be paid, said a cyber security expert who was involved in the operation.

According to Kislay Chaudhary, a cyber security consultant with the central government, using decryption applications to unblock ransomware-infected computers is easier said than done. There are thousands of decryption applications available on the internet and each has a specific purpose. So the operation is essentially a hit-and-miss. If all the available applications fail to decrypt the data, the only option left is to wait for the discovery of the malicious software’s kill switch to unblock the computer.

In May 2016, computer systems of Maharashtra’s revenue and public works departments were infected by Locky ransomware.

Ransomware blocks access to the infected computer by encrypting data and demands payment to unlock it. Image credit: Reuters
Ransomware blocks access to the infected computer by encrypting data and demands payment to unlock it. Image credit: Reuters

“It is not that government agencies are more vulnerable to these attacks,” said Chaudhary. “The most vulnerable are private or independent servers and customised mail boxes, which fail to spam emails with malware attachments, often because of lack of investment in making the systems safe enough, and inadequate research and development.”

Pavan Duggal, an advocate with expertise in cyber security law, however, contended that “what is visible on the surface is just the tip of the iceberg”.

“Most ransomware attacks are unreported and India is no exception to that,” he said. “Top information technology companies, banks and even government agencies in the country have witnessed such attacks in the past three years. But most attacks were local and isolated in nature. A mass attack like WannaCry is unprecedented.”

So, how can such attacks be tackled? Duggal said India must urgently enact a cyber security law and amend the Information Technology Act to make cyber attacks criminal offences and clearly chalk out the roles and responsibilities, accountability and liabilities of internet service providers and intermediary agencies in case of such offences.

Outside of the government, Cyber Peace Foundation, a Jharkhand-based cyber security non-profit, has invested in a project called Honey Net to combat cyber attacks. Under this project, the NGO has set up deliberately vulnerable computer networks in 10 states, including Jharkhand, Gujarat, Andhra Pradesh and Karnataka, to invite cyber attacks in order to analyse their nature. They recorded an unusual trend a day before the global cyber attack of May 12.

“The system which usually endures 147 cyber attack attempts per day on an average actually endured around 9,000 attacks on Thursday,” said the founder of the NGO Vineet Kumar. They have received requests to deal with 15 WannaCry infection. These clients include private enterprises, academic institutes and government agencies, Kumar said, but did not disclose their identities.

Lax security

In the wake of the WannaCry attack, the Indian government’s Computer Emergency Response Team issued a critical alert and an advisory while the Ministry of Information Technology reached out to key stakeholders such as the Reserve Bank of India, National Payments Corporation of India, National Informatics Centre and Unique Identification Authority of India, advising them to protect their systems against WannaCry and ensure protection of the digital payments ecosystem in the country, PTI reported. The Reserve Bank, in turn, directed banks to down their ATM networks until the machines received the Windows software update that protects against the ransomware.

“ATMs operations are usually outsourced to third parties and it is shocking that more than 70 percent of the ATM network in India operates on Windows XP,” said Chaudhary, referring to an older version of Microsoft’s operating system. “Microsoft has stopped issuing update patches for the XP, though the case of WannaCry is exceptional because they had released patches on receipt of prior input about a possible leak. But most users, including government agencies, often act reluctant in installing update files.”

Chaudhary also said Indian banks have witnessed several malware attacks in the past “but surprisingly many of them are yet to take adequate measures for protection”.

We welcome your comments at letters@scroll.in.
Sponsored Content BY 

How sustainable farming practices can secure India's food for the future

India is home to 15% of the world’s undernourished population.

Food security is a pressing problem in India and in the world. According to the Food and Agriculture Organization of the UN (FAO), it is estimated that over 190 million people go hungry every day in the country.

Evidence for India’s food challenge can be found in the fact that the yield per hectare of rice, one of India’s principal crops, is 2177 kgs per hectare, lagging behind countries such as China and Brazil that have yield rates of 4263 kgs/hectare and 3265 kgs/hectare respectively. The cereal yield per hectare in the country is also 2,981 kgs per hectare, lagging far behind countries such as China, Japan and the US.

The slow growth of agricultural production in India can be attributed to an inefficient rural transport system, lack of awareness about the treatment of crops, limited access to modern farming technology and the shrinking agricultural land due to urbanization. Add to that, an irregular monsoon and the fact that 63% of agricultural land is dependent on rainfall further increase the difficulties we face.

Despite these odds, there is huge potential for India to increase its agricultural productivity to meet the food requirements of its growing population.

The good news is that experience in India and other countries shows that the adoption of sustainable farming practices can increase both productivity and reduce ecological harm.

Sustainable agriculture techniques enable higher resource efficiency – they help produce greater agricultural output while using lesser land, water and energy, ensuring profitability for the farmer. These essentially include methods that, among other things, protect and enhance the crops and the soil, improve water absorption and use efficient seed treatments. While Indian farmers have traditionally followed these principles, new technology now makes them more effective.

For example, for soil enhancement, certified biodegradable mulch films are now available. A mulch film is a layer of protective material applied to soil to conserve moisture and fertility. Most mulch films used in agriculture today are made of polyethylene (PE), which has the unwanted overhead of disposal. It is a labour intensive and time-consuming process to remove the PE mulch film after usage. If not done, it affects soil quality and hence, crop yield. An independently certified biodegradable mulch film, on the other hand, is directly absorbed by the microorganisms in the soil. It conserves the soil properties, eliminates soil contamination, and saves the labor cost that comes with PE mulch films.

The other perpetual challenge for India’s farms is the availability of water. Many food crops like rice and sugarcane have a high-water requirement. In a country like India, where majority of the agricultural land is rain-fed, low rainfall years can wreak havoc for crops and cause a slew of other problems - a surge in crop prices and a reduction in access to essential food items. Again, Indian farmers have long experience in water conservation that can now be enhanced through technology.

Seeds can now be treated with enhancements that help them improve their root systems. This leads to more efficient water absorption.

In addition to soil and water management, the third big factor, better seed treatment, can also significantly improve crop health and boost productivity. These solutions include application of fungicides and insecticides that protect the seed from unwanted fungi and parasites that can damage crops or hinder growth, and increase productivity.

While sustainable agriculture through soil, water and seed management can increase crop yields, an efficient warehousing and distribution system is also necessary to ensure that the output reaches the consumers. According to a study by CIPHET, Indian government’s harvest-research body, up to 67 million tons of food get wasted every year — a quantity equivalent to that consumed by the entire state of Bihar in a year. Perishables, such as fruits and vegetables, end up rotting in store houses or during transportation due to pests, erratic weather and the lack of modern storage facilities. In fact, simply bringing down food wastage and increasing the efficiency in distribution alone can significantly help improve food security. Innovations such as special tarpaulins, that keep perishables cool during transit, and more efficient insulation solutions can reduce rotting and reduce energy usage in cold storage.

Thus, all three aspects — production, storage, and distribution — need to be optimized if India is to feed its ever-growing population.

One company working to drive increased sustainability down the entire agriculture value chain is BASF. For example, the company offers cutting edge seed treatments that protect crops from disease and provide plant health benefits such as enhanced vitality and better tolerance for stress and cold. In addition, BASF has developed a biodegradable mulch film from its ecovio® bioplastic that is certified compostable – meaning farmers can reap the benefits of better soil without risk of contamination or increased labor costs. These and more of the company’s innovations are helping farmers in India achieve higher and more sustainable yields.

Of course, products are only one part of the solution. The company also recognizes the importance of training farmers in sustainable farming practices and in the safe use of its products. To this end, BASF engaged in a widespread farmer outreach program called Samruddhi from 2007 to 2014. Their ‘Suraksha Hamesha’ (safety always) program reached over 23,000 farmers and 4,000 spray men across India in 2016 alone. In addition to training, the company also offers a ‘Sanrakshan® Kit’ to farmers that includes personal protection tools and equipment. All these efforts serve to spread awareness about the sustainable and responsible use of crop protection products – ensuring that farmers stay safe while producing good quality food.

Interested in learning more about BASF’s work in sustainable agriculture? See here.

This article was produced by the Scroll marketing team on behalf of BASF and not by the Scroll editorial team.